Level 3

Sorry if I made havoc. I just fell over the disabling of the script host, and thought that looked like a good idea. Still do. But of course it has to be done the right way. I am no PC wizard, I just try to make it all play without too much fuss.

Level 38

No, for the standard applications.
Windows Script Host scripts are used sometimes (very rarely), for example by 'Intel(r) Energy Checker SDK'. Blocking WSH in the home environment does not break anything important.

The above should be executed from an Administrator Command Prompt (use 'Run as administrator')!

The Command Prompt cannot be blocked system wide, because it is used as an alternative shell in Windows (Safe Boot can start the system in Command Prompt). It can be blocked per user. The below is the way to block it on the default Administrator type of account (not SUA):

The user still can execute .bat and .cmd scripts as administrator. The above reg tweak will not work on SUA (Standard User Account). On SUA one should use a similar key in the proper HKU registry hive.
Yet, OneDrive uses Command Prompt to clean the leftovers after updates, Sandboxie uses it to clean the sandbox, Intel software can use it for launching igfxEM.exe or igfxHK.exe, or igfxTray.exe, etc. So, disabling Command Prompt is more tricky than disabling Windows Script Host.

PowerShell is the most dangerous Windows scripting language, so it should be restricted in the first place.
Tutorial - How do you secure PowerShell?
PowerShell interpreters can be blocked, but this does not mean that PowerShell functionality can be totally blocked by this. The PowerShell functions are contained in the System.Management.Automation.dll and System.Management.Automation.ni.dll. It is not recommended to block those DLLs.

Level 38

Thanks. 'Run as administrator' can be used to bypass blocked Command Prompt only if you would block Command Prompt on SUA. But, blocking Command Prompt by policy on SUA cannot be done via HKCU reg tweak. One has to do it via the proper HKU registry key. My post was not precise, so I edited it.

Level 74

Yes, 3rd party apps are the easiest way to do this and other important security tweaks. Appguard needs to be specifically configured to block Windows Script Host, but some other apps will do it out of the box.

Level 38

On 64-bit Windows the above checks only 64-bit Windows Script Host.
For checking 32-bit Windows Script Host on 64-bit Windows you should also execute from the Explorer the below command line:
c:\Windows\SysWOW64\wscript.exe "path2yourscript"

Level 38

When you execute the script by a mouse-click, then on 64-bit Windows the 64-bit interpreter wscript.exe is used by default to run the script. So, you did not test if the 32-bit interpreter was blocked.
The commandline from my post executes the script like malware can do, by using the 32-bit interpreter wscript.exe on 64-bit Windows. So, if you have the script helloworld.vbs in the "c:\scripts" folder, then you have to execute the commandline:
c:\Windows\SysWOW64\wscript.exe "c:\scripts\helloworld.vbs"
If you see the alert that Windows Script Host is blocked, then you can be sure that the 32-bit interpreter wscript.exe is also blocked.

Simply copy & paste & execute the commandline in the 'Quick access' area in Windows File Explorer, or in the Command Prompt console.
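
A read-only audit of the settings discussed in this thread, added here as an example and not part of any post above. It assumes the tweaks are the standard `Enabled` value under `Windows Script Host\Settings` and the `DisableCMD` policy value, since the thread does not show the registry commands; the helper name `Get-RegValue` is hypothetical. Run it elevated so other users' loaded HKU hives can be read.

```powershell
# Added example: reports whether WSH and Command Prompt blocks are in place.
# Assumption: the tweaks are the standard 'Enabled' and 'DisableCMD' values.

function Get-RegValue {
    param([Microsoft.Win32.RegistryHive]$Hive,
          [Microsoft.Win32.RegistryView]$View,
          [string]$SubKey, [string]$Name)
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey($Hive, $View)
    try {
        $key = $base.OpenSubKey($SubKey)
        if ($null -eq $key) { return $null }
        try { return $key.GetValue($Name, $null) } finally { $key.Dispose() }
    } finally { $base.Dispose() }
}

$wshKey = 'SOFTWARE\Microsoft\Windows Script Host\Settings'
$cmdKey = 'Software\Policies\Microsoft\Windows\System'
$report = @()

# WSH: check both registry views, because the 32-bit wscript.exe/cscript.exe
# in SysWOW64 read the 32-bit view on 64-bit Windows.
foreach ($view in 'Registry64', 'Registry32') {
    $v = Get-RegValue LocalMachine $view $wshKey 'Enabled'
    $report += [pscustomobject]@{
        Check   = "WSH ($view, HKLM)"
        Value   = if ($null -eq $v) { '(not set)' } else { $v }
        Blocked = ("$v" -eq '0')
    }
}

# Command Prompt: the policy is per user. Walk the loaded HKU hives so a
# Standard User Account is checked too, not only the HKCU of the elevated admin.
# DisableCMD = 1 blocks cmd.exe and batch files, 2 blocks cmd.exe only.
$sids = [Microsoft.Win32.Registry]::Users.GetSubKeyNames() |
    Where-Object { $_ -like 'S-1-5-21-*' -and $_ -notlike '*_Classes' }
foreach ($sid in $sids) {
    $v = Get-RegValue Users Default "$sid\$cmdKey" 'DisableCMD'
    $report += [pscustomobject]@{
        Check   = "DisableCMD (HKU\$sid)"
        Value   = if ($null -eq $v) { '(not set)' } else { $v }
        Blocked = ($v -in 1, 2)
    }
}

$report | Format-Table -AutoSize
```

Only hives of users who are currently logged on appear under HKU, so a SUA that is not signed in will not be listed.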

Level 38

What do you mean? I assume that the registry tweaks are already done.
It is not the commandline to introduce the new tweak, but only the commandline for checking if the already applied reg tweaks (for blocking WSH) are working well.
